Security in Model Driven Development: A Survey
|
|
- Chad Manning
- 6 years ago
- Views:
Transcription
1 Security in Model Driven Development: A Survey Jostein Jensen Department of Computer and Information Science Norwegian University of Science and Technology Trondheim, Norway jostein.jensen@idi.ntnu.no Martin Gilje Jaatun Department of Software Engineering, Safety and Security SINTEF ICT Trondheim, Norway Martin.G.Jaatun@sintef.no Abstract Model driven development (MDD) is considered a promising approach for software development. In this paper the results of a systematic survey is reported to identify state-of-theart within the topic of security in model driven development, with a special focus on finding empirical studies. We provide an introduction to the major secure MDD initiatives, but our survey shows that there is a lack of empirical work on the topic. We conclude that better standardisation initiatives and more empirical research in the field is necessary before it can be considered mature. I. INTRODUCTION Model driven development (MDD) has been considered a promising approach to software development since its introduction about a decade ago. The Object Management Group (OMG) 1 is the most prominent standardisation body within the MDD domain, and has developed a framework for model driven development called Model Driven Architecture (MDA). Improved portability, platform independence and cross-platform interoperability are among keywords used by OMG to describe the benefits of using a model driven software development process. Figure 1 shows the MDA software development lifecycle as it is depicted by Kleppe et al. [1]. The ovals to the left represent generic software development phases, while the squares to the right represent artefacts produced in an MDA context. Artefacts developed during the requirements phase and used for analysis are often referred to as Computational Independent Models (CIM). Platform independent models (PIM) are abstract representations of the system to be built, and independent of any implementation technology. PIMs are transformed, preferably automatically using tool support, to Platform Specific Models. These are specific to the technology that will be used to realise future systems. Continuing the MDA lifecycle, PSMs are transformed into code. Since PSMs are close to the technology, this transformation is by some considered to be straightforward [1]. PIMs represent low-level system designs and as such constitute an important part of a system s documentation (while still providing important abstractions). The layering between platform independent models, platform specific models and code are the key to solve problems related to portability, platform independence and interoperability. 1 overview.htm In traditional software development, security aspects are often considered late in the development lifecycle, if they are considered at all [2]. However, the cost of eliminating security flaws increases by magnitudes the later they are discovered and fixed [3]. A good recommendation has therefore been to include security aspects from the very start of software projects [4]. The Microsoft Security Development Lifecycle [5] and McGraw s touchpoints [6] illustrate how security activities can be included in every phase of a software project. With its focus on high-quality design in early development phases through PIM modelling, MDD/MDA should be a perfect development framework to include security aspects in design models from the very start of a project. Consistent and sound security solutions throughout the entire application could be the result. The remainder of this paper is organised as follows: In Section II we present our research questions, followed by a description of our research method in Section III. We present our results in Section IV, and discuss our findings in Section V. Section VI concludes the paper. II. RESEARCH QUESTIONS This paper reports results related to a systematic survey that was carried out in order to learn how scientific communities deal with security in model driven development. The study aims to answer the following research questions: RQ1: RQ2: RQ3: What are the major scientific initiatives describing automatic code generation from design models within the context of security in MDD? What empirical studies exist on the topic security within MDD/MDA? What are the strengths of the evidence showing that security aspects successfully can be modeled as an inherent property and transformed to more secure code? III. METHOD A systematic literature review approach is used as research method leading to the results presented in this paper [7]. This method requires rigor with respect to planning, conducting, and reporting the review. The aim of this systematic survey was to identify scientific literature that could provide answers to our research questions listed in the previous section.
2 Fig. 1. MDA Software Development Lifecycle. Adapted from [1]. A. Identification of research The starting point for the survey is a research protocol where the research questions and the search strategy are defined. To support the paper selection process, the protocol also specifies inclusion and exclusion criteria. A rigorous and comprehensive search is key to identify all the relevant scientific literature. Both sources for scientific literature and search phrases were specified prior to the search. We used four online databases for scientific literature to search for studies: IEEE Xplore 2 ACM Digital Library 3 ISI Web of Knowledge 4 Compendex 5 According to experiences made by Dybå et al. [8], this should be sufficient to find relevant literature within the information systems field. The use of other databases will lead to duplicate findings, and as such, lead to extra work. For each of these databases we used the following search phrases and keywords: 1) model driven development 2) model driven architecture 3) MDD 4) MDA 5) Security These were combined as follows: (1 OR 2 OR 3 OR 4) AND 5. The searches were performed March 12, 2010, meaning that scientific literature indexed up until then are included within this study. The search resulted in a total of 2844 titles that needed to be evaluated based on title, abstract and content. B. Selection of primary studies All references and abstracts were imported to the reference tool EndNote. The next step was to exclude papers based on titles. All titles that clearly did not treat the wanted topics were filtered out. After this process a total of 366 studies remained. The following task was to read through the abstracts of these papers and evaluate whether they were relevant or not. For both these steps the following exclusion criteria were used: Exclude everything that is clearly not related to model driven software development. Our research interest is on use of models to generate code. Some studies e.g. present research where MDD principles are used to generate firewall rules. Such studies were excluded. Exclude everything that clearly not concerns both model driven development and security research. 122 papers remained after reading the abstracts, and these papers were all read to make a final evaluation whether they should be part of our primary studies or not. This evaluation resulted in 56 remaining papers. A last exclusion criterion was used for the purpose of this paper in order to answer RQ1: Exclude studies by authors and research groups who have published 3 or fewer papers on the topic. This exclusion criterion can give a somewhat inaccurate view of the current state, as some important initiatives may be treated and enhanced by different research groups. For the purpose of this paper, it is however considered sufficient to give a rough idea about the current state. With this last exclusion criterion the number of papers to include as primary studies in this report was limited to 30. C. Quality assessment, classification and synthesis RQ2 and RQ3 can only be answered with a scientific validity if empirical studies following a rigorous research protocol on the topic are found. However, within the topic of model driven development and security, this study shows that none empirical studies seems to exist. Within this paper we therefore give a short introduction to the included papers considered for answering RQ1. Studies are grouped based on the originating research groups. A qualitative reflection about how MDD and security is covered in existing research works is given at the end of this paper.
3 IV. RESULTS Our survey identified 5 research approaches which will be described in the following. A. Model Driven Security One of the earliest initiatives for including security in model driven architecture came from Basin et al. [9]. Their solution, called model driven security, is a specialisation of the MDA approach. Security models are integrated with what Basin et al. call UML process models, and the combined models are transformed into executable systems with integrated security infrastructures. The focus of their work is to include access control constraints based on role based access control (RBAC) in design models. A security metamodel for expressing RBAC properties in UML is given, and this UML extension is called SecureUML. In [10] Basin and Doser give a more detailed description of the Model Driven Security approach, while Clavel et al. [11] build on this work to gain practical experience with the approach. B. SECTET In [12] Alam et al. describe an approach to specify rolebased access control policies for web services using the Object Constraint Language (OCL). OCL was initially a language extension of UML and is used to ensure a platform independent specification of access control policies. This work is used and extended by Breu et al. [13] who show how security can be built into web service-based systems supporting inter-organisational workflows. To model inter-organisational workflows they specify three model levels: global workflow model, local workflow model and interface model. The global workflow models show an abstract view of interactions between autonomous organisations, the local workflow models show intra-organisational workflows within each organisation, and the interface models present the services offered by each component in the system. OCL is used together with the interface models to describe access control constraints for operations/services provided by a web service. The same team builds on these concepts in [14] where the focus is to integrate security into the global workflow model. They use OCL-like expressions to assign security qualities such as confidentiality and integrity to data sent between actors. The research team behind the above mentioned reports [12], [13], [14] has built on these results and come up with a model driven security framework called SECTET. Three software engineering paradigms are combined in this framework [15]: Model Driven Architecture as methodical concept, Service Oriented Architecture as architectural paradigm, and web services as technical standard. The three model levels described above is kept, and the OCL security policy definitions are refined into an OCL-based language they call SECTET-PL. Alam et al. [16], [17] present the SECTET framework with a focus on integrating access control policies in the interface models. They give a detailed description on how they specify dynamic access control constraints using SECTET-PL, and how these policy rules are combined with UML models at the interface level. In [18] SECTET-PL is used to describe how delegation rights in service-oriented architectures can be implemented, and in [19] and [20] SECTET is presented in a trust management perspective. While the early reports [12], [13], [14] only were at the idea phase, [16] describes the whole tool chain to carry out model-to-model transformation and model-to-code transformation. They define UML meta-models for their concepts to formalise the modelling process sufficiently to allow toolsupported transformations, and Hafner et al. [21] focus on using the OMG transformation specification Meta Object Facility Query/View/Transformation (MOF-QVT) 6 to formalise transformation rules. Fernandez-Medina et al. [22] describe the SECTETframework to be one of the most complete frameworks to integrate security engineering with Model Driven Architecture. C. Secure development of Data Warehouses Data warehouses (DW) are repositories where enterprises electronically can store data from their various business systems 7. This is done to facilitate reporting and analysis of the data. Often data is... extracted from multiple heterogeneous, autonomous, and distributed sources of information [23]. Single data elements in the repository can be sensitive, but also the total amount of business information collected soon becomes business sensitive. Soler et al. [23] therefore argue that security engineering must be included from the earliest phases of development of such systems. Soler and his colleagues [23], [24], [25] argue that MDA is a well suited development framework to create DW solutions, but with the disadvantage that the MDA framework does not include mechanisms to sufficiently express security requirements 8, and as such perform a transformation from PIM to PSM. In their work based on the UML modelling language they show how they use UML profiles and model a security enriched PlM meta-model for the DW domain. In their framework, they also provide a set of QVT transformation rules so that PIMs can be transformed and mapped to concepts in a security enriched PSM meta-model that they also have defined. In addition to the security concepts defined in the two meta-models, dynamic security rules, such as audit and authorization rules can be added to the model using the OCL language. While Soler et al. focused on PIM to PSM transformations, Blanco et al. [26], [27] build on this work and demonstrate with a prototype that it is feasible to go all the way in the MDA lifecycle, from secure PIMs to secure PSM to code with security properties, in order to build secure data warehouses. Soler et al. supplement this work in [28]. The framework for development of secure data warehouses are further extended in [29] and [30]. In these works the authors build on the i* modelling language, which is designed A definition of the Data Warehouse concept can be found at: 8 It may be argued that such mechanisms were never intended to be a part of MDA.
4 to support modelling of business requirements. i* concepts are converted to a UML profile to fit the DW MDA approach, and some extensions are made to the original i* concepts to be able to sufficiently express security requirements in the DW domain. This new i* UML-profile supports elicitation of requirements at the business level, and is considered as being a CIM. Guidelines for transforming the business security requirements models to PIM are given to align the approach with MDA. Blanco et al. [31] present an approach for modernising existing DWs by means of the above mentioned techniques for secure DW development. By going backwards in a reverse engineering style, they claim that code for existing DWs, presumably with insufficient security, can be analysed and converted to a PSM. This PSM is again transformed into a PIM, and finally a CIM. Now, the CIM can be analysed from a business perspective. Security requirements can be added, and then the new secure DW approach can be followed to get a more secure DW with the same functionality as it had before modernisation. To bring the secure DW MDA approach closer to completion, Trujillo et al. [32] define an engineering process to support the framework shown in Figure 2. This paper defines the process that starts with i* -based CIM models, which are transformed into secure PIMs, PSMs and code through transformation T1 to T3. It shows that security can be included from the very beginning of a project by using an MDA approach. D. Security in business process models Rodriguez et al. [33], [34] present initial ideas on how UML 2.0 activity diagrams, which are used to model business processes, can be enriched to include security properties. The authors claim that the advantage of including security in the business process modelling stage is that this important aspect then can be included from the very beginning of a software development project, and that a business analyst s considerations about security can be captured. They define a UML profile consistent with OMG MOF, similar to the ideas of Hafner et al. [21]. A graphical notation to represent security requirements is added to the activity diagram notation. In [35] the same authors suggest how the business process models, which they consider to be CIMs, can be transformed into use case models, which they consider to be PIMs. The transformation process is based on OMGs QVT specification, checklists and refinement rules. The feasibility of the approach is demonstrated through a prototype tool [36]. Use case models are often the starting point in software development projects where they are used to capture functional requirements. With this work, functional security requirements can be visually illustrated from the start in these models. E. Secure smart card application development Moebius et al. [37], [38], [39] use a model driven approach, which they call securemdd, to develop security critical applications for smart cards. Their illustrating case is the development of an application that can be used for payment. From the PIMs they design, a transformation to three new model types is made: to card PSM, to terminal PSM and to a formal PSM. The two first model types define the functionality on, and interaction between the payment card and the terminal in which the card is used. The latter is a formal security specification of their models that can be analysed to determine the correctness with respect to security of their models. Moebius and her colleagues emphasise the importance of both modelling static and dynamic aspects of the application. UML is the preferred modelling language in their approach. The securemdd approach is introduced in [37], and the approach to go from PIM to PSM to code is specified in more detail in [38]. Class diagrams are used to model an application s static view, while sequence and activity diagrams are used for modelling of dynamic aspects. The transformation from PIMs to formal specifications is shown in [39]. V. DISCUSSION The existing papers on the topic can be categorized as lessons learned/experience reports where approaches at best are demonstrated by implementing prototypes. They provide little evidence to prove that the final code is more secure or better than what it would have been if another development approach had been used. The contribution that comes closest to being an empirical study is the paper written by Clavel et al. [11]. They provide an experience report where the MDS approach defined by Basin et al. (see section IV-A) has been tested in an industrial setting. Their feedback on the approach is quite optimistic, and with respect to MDS their major findings are: The security design models integrate security models with system design models, remaining at the same time technology independent, reusable, and evolvable. The security design models are understandable by those familiar with the UML-notation. The security-enhanced models were expressive enough to model the access control policy defined in the original requirements document provided by their clients. This seems promising, but there are still several challenges that should be adressed in the coming years. Some of the promises of MDD/MDA are that the approach will ensure portability, platform independence and cross-platform interoperability. However, the studies included in this paper all explain different approaches for including security into the modelling languages and the processes they use. Since it is recognised that security modelling is not part of any standardisation initiatives for MDD, e.g. MDA, researchers define their own extensions to existing modelling languages to model the security aspects they need for their projects. An example of this is the use of OCL, which is the standardised UML constraint language used as starting point for specifying dynamic security aspects in the two most complete MDA frameworks: SECTET and secure DW. Both research teams found limitations with respect to modelling security constraints in the OCL language. Consequently, they started adapting it.
5 Fig. 2. Framework for designing secure Data Warehouses. Adapted from [32]. In the SECTET framework, the SECTET-PL was the resulting constraint language used, and in the DW design they extended a DW UML profile in order to better integrate concepts from the OCL expressions into their models. In general, standardisation initiatives exist with the purpose of encouraging the development of interoperable systems, so when standards are adapted and extended in different ways by different research teams it can be questioned whether final systems really will be interoperable and portable and so on. McDermott [40] argues that one topic not sufficiently covered within security modelling, is related to modelling of security protocols. Moebius and her colleagues treat this in their approach for secure smart card application development. However, they do not follow a standardised MDD approach such as the MDA framework. At the same time it can be questioned whether the descriptions of their approach is sufficient to reconstruct their transformations from PIMs expressing protocol information to PSMs and then code. Thus, McDermot s point still seems to be valid. A key ingredient in MDD is the transformation rules guiding conversion from PIM to PSM to code. Based on the papers included in this study, the transformation rule development seems like a complex task, which requires a lot of expertise both with respect to the used development approach and technology platforms. This raises questions whether the team of security experts responsible for analysing security needs and requirements, also need to be experts on the modelling approach. If a transformation rule is flawed in a sense that it does not correctly transform a security requirement/model to code, then the whole system s security can be compromised. Security experts should therefore also be able to evaluate the quality of transformation rules in all parts of the transformation chain to successfully benefit from the promises of security in MDD. Unfortunately, the situation seems to be that development teams and security teams often are separated, and that the real security experts usually do not themselves develop software [2]. This situation must be changed if high-quality secure code is going to be produced in an MDD context with automated code generation. There is one important topic related to security that has not been discussed in the papers identified in this study; the possibility to model input validation constraints. Data sent to interfaces should be validated before they are accepted. Both the length and type of data must be checked in order to avoid security vulnerabilities related to injection attacks. To date, these types of vulnerabilities are the most prevalent security flaws in existing web applications 9. It should be possible to include modelling of input validation constraints in order to eliminate injection attack threats from the start of software development, similar to modelling of access control constraints. A. Excluded Studies There have been significant initiatives on topics related to this study that have been excluded due to RQ1 and the exclusion criteria used for the purpose of selecting primary studies. A notable example is UMLsec, an extension of UML supporting secure systems development [41]. Security requirements such as confidentiality, integrity and authenticity can be modelled in UML diagrams through the extension mechanisms stereotypes and tags. Modeling with UMLsec and analysis of industrial systems using this approach is even tested in industrial projects [42] [43] [44]. However, even though UMSsec is an important contribution to security engineering research in general and in the core of security in model driven development, papers on this topic were excluded due to our focus on automatic code generation. Another topic not dealt with in this study is aspect oriented modeling. In aspect oriented modeling crosscutting concerns for an application, or aspects, are treated separately. Each aspect is then modelled and, by tool support, woven together into the final product. Examples of what an aspect might be include security, mobility and availability. Aspect oriented modelling papers were excluded since security was not treated specifically, but as one of several aspects. Still, we recognize that this approach may be worth looking into in future studies. In the past there have been attempts to identify empirical research on the wide topic of model driven development. The systematic survey performed by Haug [45] returned a total of 21 papers, but this was only 2,2 % of the studies from the initial search; none with special focus on security. There were, however, limitations in this study with respect to sources used to find relevant literature; only selected journals and conference proceedings were searched. One of the key objectives of the review presented in this paper was to identify empirical 9 Top Ten Project
6 studies on the topic of security in MDD, which is a narrow field compared to what Haug presented. A search strategy with a wider scope with respect to publication databases was used in hope of finding relevant literature despite the findings by Haug. However, the observations made in our study (including the studies that are not presented in this paper) indicate that such empirical studies do not exist for the topic of security in Model Driven Development. B. Further Work From the discussion above, the following paths for future research are identified: Empirical research should be performed to determine whether security successfully can be included properly in MDD/MDA to build more secure systems. Modelling of security should be included as a standardisation activity in the MDD frameworks, such as MDA. More research should be performed related to how security protocols can be modelled and transformed to final systems. Research should be performed to find an approach for modelling of input validation constraints. Additionally, a follow up of what is presented within this paper seems natural. Here we have presented an introduction to the major initiatives within the field of security in MDD. Future work must cover a deeper analysis, which includes evaluating the maturity of the presented approaches, to see if they are ready to be applied within an industrial setting. It is also worth studying the main differences and commonalities of each approach to determine to what extent their elements can be combined or reconciled. Finally, it is worth looking into a refinement of the research protocol, maybe widen the scope of the research questions and exclusion criteria, so that initiatives such as UMLsec and Aspect Oriented Modeling will be covered. A more fundamental challenge, however, resides in the area of measuring code security, i.e., comparing two pieces of code to determine which is most secure. Current approaches are limited to counting the accumulated number of discovered bugs/flaws in a software product [46], or (reverse) modeling a given implementation and comparing it to an ideal model [42], [43], [44] the latter approach assumes that the ideal model always will produce more secure code 10, but unless you can measure the security property, there is no way to know for sure. It is not clear whether this problem is solvable, and we are not aware that anyone is currently working on it. VI. CONCLUSION In this paper we have presented state-of-the art within security research in model driven development and identified the most comprehensive works. The study shows that there is a need for more empirical studies on the topic, and that 10 The authors of UMLsec state that Automated theorem provers and model checkers automatically establish whether the security requirements hold [43], but this is no panacea if the security requirements themselves are flawed (or missing). standardisation is key to achieve the objectives of MDD/MDA, which are increased portability and interoperability. REFERENCES [1] A. Kleppe, J. Warmer, and W. Bast, MDA Explained. Addison-Wesley, [2] K. R. van Wyk and G. McGraw, Bridging the gap between software development and information security, IEEE Security & Privacy, vol. 3, no. 5, pp , [3] B. Boehm and V. Basili, Top 10 list [software development], Computer, vol. 34, no. 1, pp , Jan [4] I. A. Tøndel, M. G. Jaatun, and P. H. Meland, Security Requirements for the Rest of Us: A Survey, IEEE Software, vol. 25, no. 1, [5] M. Howard and S. Lipner, The Security Development Lifecycle. Microsoft Press, [6] G. McGraw, Software Security: Building Security In. Addison-Wesley, [7] B. Kitchenham, Procedures for Performing Systematic Reviews, Keele University, Tech. Rep. TR/SE-0401, [8] T. Dybå, T. Dingsøyr, and G. K. Hanssen, Applying Systematic Reviews to Diverse Study Types: An Experience Report, in Proceedings of First International Symposium on Empirical Software Engineering and Measurement, 2007, pp [9] D. Basin, J. Doser, and T. Lodderstedt, Model Driven Security for Process-Oriented Systems, in Proceedings of the eighth ACM symposium on Access control models and technologies. ACM Press, 2003, pp [10], Model driven security: From UML models to access control infrastructures, ACM Transactions on Software Engineering Methodology, vol. 15, no. 1, pp , [11] M. Clavel, V. Silva, C. Braga, and M. Egea, Model-Driven Security in Practice: An Industrial Experience. Berlin, Germany: Springer-Verlag, 2008, pp [12] M. M. Alam, R. Breu, and M. Breu, Model driven security for Web services (MDS4WS), in Proceedings of 8th International Multitopic Conference, INMIC 2004., 2004, pp [13] R. Breu, M. Hafner, B. Weber, and A. Novak, Model driven security for inter-organizational workflows in e-government, in E-Government: Towards Electronic Democracy, vol Springer Verlag, 2005, pp [14] M. Hafner, M. Breu, R. Breu, and A. Nowak, Modelling interorganizational workflow security in a peer-to-peer environment, in Proceedings of International Conference on Web Services. ICWS 2005., 2005, p [15] M. Hafner and R. Breu, Security Engineering for Service-Oriented Architectures. Springer Verlag, [16] M. Alam, M. Hafner, and R. Breu, A constraint based role based access control in the SECTET a model-driven approach, in Proceedings of the 2006 International Conference on Privacy, Security and Trust. ACM, 2006, pp [17], Constraint based role based access control (CRBAC) for restricted administrative delegation constraints in the SECTET, in Proceedings of the 2006 International Conference on Privacy, Security and Trust. ACM, 2006, pp [18] M. Alam, M. Hafner, R. Breu, and S. Unterthiner, A framework for modelling restricted delegation of rights in the SECTET, Computer Systems Science and Engineering, vol. 22, no. Compendex, pp , [19] M. Alam, R. Breu, and M. Hafner, Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, vol. 2, no. 1, [20] M. Alam, J. P. Seifert, and Z. Xinwen, A Model-Driven Framework for Trusted Computing Based Systems, in 11th IEEE International Enterprise Distributed Object Computing Conference. EDOC 2007., 2007, pp [21] M. Hafner, M. Alam, and R. Breu, Towards a MOF/QVT-based domain architecture for model driven security, in Proceedings of 9th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2006, vol LNCS. Springer Verlag, 2006, pp [22] E. Fernandez-Medina, J. Jurjens, J. Trujillo, and S. Jajodia, Model- Driven Development for secure information systems, Information and Software Technology, vol. 51, pp , 2009.
7 [23] E. Soler, J. Trujillo, E. Fernandez-Medina, and M. Piattini, A framework for the development of secure data warehouses based on MDA and QVT, in Proceedings of Second International Conference on Availability, Reliability and Security, ARES 2007:, 2007, pp [24], A set of QVT relations to transform PIM to PSM in the design of secure data warehouses, in Proceedings of Second International Conference on Availability, Reliability and Security. ARES 2007, [25], Application of QVT for the Development of Secure Data Warehouses: A case study, in Proceedings of Second International Conference on Availability, Reliability and Security. ARES2007, [26] C. Blanco, E. Fernandez-Medina, J. Trujillo, and M. Piattini, Implementing multidimensional security into olap tools, in Proceedings of 3rd International Conference on Availability, Security, and Reliability, ARES 2008, 2008, pp [27] C. Blanco, I. G. R. de Guzman, E. Fernandez-Medina, J. Trujillo, and M. Piattini, Automatic Generation of Secure Multidimensional Code for Data Warehouses: An MDA Approach, in On the Move to Meaningful Internet Systems, vol Springer Verlag, 2008, pp [28] E. Soler, J. Trujillo, C. Blanco, and E. Fernandez-Medina, Designing Secure Data Warehouses by Using MDA and QVT, Journal of Universal Computer Science, vol. 15, no. 8, pp , [29] E. Soler, V. Stefanov, J.-N. Mazon, J. Trujillo, E. Fernandez-Madina, and M. Piattini, Towards comprehensive requirement analysis for data warehouses: Considering security requirements, in Proceedings of Third International Conference on Availability, Reliability and Security, ARES2008, 2008, pp [30] J. Trujillo, E. Soler, E. Fernandez-Medina, and M. Piattini, A UML 2.0 profile to define security requirements for Data Warehouses, Computer Standards & Interfaces, vol. 31, no. 5, pp , [31] C. Blanco, R. Perez-Castillo, A. Hernandez, E. Fernandez-Medina, and J. Trujillo, Towards a Modernization Process for Secure Data Warehouses, in Data Warehousing and Knowledge Discovery. Springer- Verlag, 2009, pp [32] J. Trujillo, E. Soler, E. Fernandez-Medina, and M. Piattini, An engineering process for developing Secure Data Warehouses, Information and Software Technology, vol. 51, pp , [33] A. Rodriguez, E. Fernandez-Medina, and M. Piattini, Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes, in Trust and Privacy in Digital Business. Springer Verlag, 2006, pp [34], Security requirement with a UML 2.0 profile, in The First International Conference on Availability, Reliability and Security, ARES 2006., 2006, p. 8 pp. [35], Towards CIM to PIM transformation: From secure business processes defined in BPMN to use-cases, in Business Process Management, ser. Lecture Notes in Computer Science, G. Alonso, P. Dadam, and M. Rosemann, Eds., 2007, vol. 4714, pp [36], CIM to PIM transformation: A reality, in Research and Practical Issues of Enterprise Information Systems II, ser. International Federation for Information Processing, L. D. Xu, A. M. Tjoa, and S. S. Chaudhry, Eds. Springer Verlag, 2008, vol. 255, pp [37] N. Moebius, K. Stenzel, H. Grandy, and W. Reif, SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications, in International Conference on Availability, Reliability and Security ARES 09., 2009, pp [38], Model-Driven Code Generation for Secure Smart Card Applications, in Australian Software Engineering Conference. ASWEC 09., 2009, pp [39] N. Moebius, K. Stenzel, and W. Reif, Generating formal specifications for security-critical applications - a model-driven approach, in ICSE Workshop on Software Engineering for Secure Systems, SESS 09., 2009, pp [40] J. McDermott, Visual security protocol modeling. Lake Arrowhead, California: ACM, 2005, pp [41] J. Jürjens, Secure Systems Development with UML. Springer, [42] B. Best, J. Jurjens, and B. Nuseibeh, Model-Based Security Engineering of Distributed Information Systems Using UMLsec, in Proceedings of the 29th international conference on Software Engineering, ser. ICSE 07, 2007, pp [43] J. Jürjens, J. Schreck, and P. Bartmann, Model-based security analysis for mobile communications, in Proceedings of the 30th international conference on Software engineering, ser. ICSE 08. ACM, 2008, pp [44] J. Lloyd and J. Jürjens, Security Analysis of a Biometric Authentication System Using UMLsec and JML, in Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems, ser. MODELS 09. Springer-Verlag, 2009, pp [45] T. H. Haug, A Systematic Review of Empirical Research on Model- Driven Development with UML, University of Oslo, Tech. Rep. Master s Thesis, [46] CVE - Common Vulnerabilities and Exposures (CVE). [Online]. Available:
CIM to PIM Transformation: An Analytical Survey
CIM to PIM Transformation: An Analytical Survey Hamid Reza Sharifi Department of Computer Engineering Science and Research Branch, Islamic Azad University Tehran, Iran hr.sharifi@srbiau.ac.ir Mehran Mohsenzadeh
More informationTransformation Method CIM to PIM: From Business Processes Models Defined in BPMN to Use Case and Class Models Defined in UML
Transformation Method CIM to PIM: From Business Processes Models Defined in BPMN to Use Case and Class Models Defined in UML Y. Rhazali, Y. Hadi, A. Mouloudi Digital Open Science Index, Computer and Information
More informationA Novel Framework to Model a Secure Information System (IS)
2012 International Conference on Information and Computer Applications (ICICA 2012) IPCSIT vol. 24 (2012) (2012) IACSIT Press, Singapore A Novel Framework to Model a Secure Information System (IS) Youseef
More informationCIM to PIM Transformation: A Reality
CIM to PIM Transformation: A Reality Alfonso Rodríguez 1, Eduardo Fernández-Medina 2 and Mario Piattini 2 1 Departamento de Auditoría e Informática,Universidad del Bio Bio,Chillán,Chile alfonso@ubiobio.cl
More informationAn Agile Method for Model-Driven Requirements Engineering
An Agile Method for Model-Driven Requirements Engineering Grzegorz Loniewski, Ausias Armesto, Emilio Insfran ISSI Research Group, Department of Computer Science and Computation Universidad Politecnica
More informationAn MDA Method for Service Modeling by Formalizing REA and Open-edi Business Frameworks with SBVR
An MDA Method for Service Modeling by Formalizing REA and Open-edi Business Frameworks with SBVR Jelena Zdravkovic, Iyad Zikra, Tharaka Ilayperuma Department of Computer and Systems Sciences Stockholm
More informationIncorporating Model-Driven Techniques into Requirements Engineering for the Service-Oriented Development Process
Incorporating Model-Driven Techniques into Requirements Engineering for the Service-Oriented Development Process Grzegorz Loniewski, Ausias Armesto, Emilio Insfran ISSI Research Group, Department of Computer
More informationModel-driven Engineering a promising approach for developing critical software applications
Model-driven Engineering a promising approach for developing critical software applications Abstract: Many different approaches and frameworks exist to use Model-driven Engineering (MDE). Some of these
More informationModel Driven Architecture as Approach to Manage Variability in Software Product Families
Model Driven Architecture as Approach to Manage Variability in Software Product Families Sybren Deelstra, Marco Sinnema, Jilles van Gurp, Jan Bosch Department of Mathematics and Computer Science, University
More informationMDA Overview Applied MDA
IBM Software Group MDA Overview Applied MDA Jim Amsden Senior Software Engineer IBM Rational Software jamsden@us.ibm,com Tutorial: MDA, UML, and applicability to SOA (C) IBM Corporation March 2006 Agenda!
More informationSecurity Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges
Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges Maria Leitner University of Vienna Vienna, Austria maria.leitner@univie.ac.at Abstract Enabling security
More informationThe Fast Guide to Model Driven Architecture
WHITEPAPER The Fast Guide to Model Driven Architecture The Basics of Model Driven Architecture By Frank Truyen frank.truyen@cephas.cc The Fast Guide to Model Driven Architecture The Basics of Model Driven
More informationStatic Code Analysis A Systematic Literature Review and an Industrial Survey
Thesis no: MSSE-2016-09 Static Code Analysis A Systematic Literature Review and an Industrial Survey Islam Elkhalifa & Bilal Ilyas Faculty of Computing Blekinge Institute of Technology SE 371 79 Karlskrona,
More informationObjectives. The software process. Topics covered. Waterfall model. Generic software process models. Software Processes
Objectives Software Processes To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More information1. Introduction. URDAD for System Design. Table of Contents. Dr. Fritz Solms. Abstract. Use-Case Responsibility Driven Analysis and Design
Solms Training, Consulting and Development Physical: 113 Barry Hertzog Ave, Emmarentia, Johannesburg, South Africa Postal: PostNet Suite no 237, Private Bax X9, Melville 2109, South Africa Phone: +27 (11)
More informationMDA Overview. Bill Wood
MDA Overview Bill Wood Overview Introduction Concepts Analysis of Current Work Connections Next Steps Conclusions Introduction Paradigm shift: from programmers using programming language to modelers using
More informationEXTENDING THE EPC AND THE BPMN WITH BUSINESS PROCESS GOALS AND PERFORMANCE MEASURES
EXTENDING THE EPC AND THE BPMN WITH BUSINESS PROCESS GOALS AND PERFORMANCE MEASURES Birgit Korherr, Beate List Women's Postgraduate College for Internet Technologies, Institute of Software Technology and
More informationType-based Validation and Management of Business Service Interoperability
Type-based Validation and Management of Business Service Interoperability Toni Ruokolainen Dept. of Computer Science P.O. Box 68 (Gustaf Hällströmin katu 2b) FI-00014 UNIVERSITY OF HELSINKI, FINLAND Toni.Ruokolainen@cs.Helsinki.FI
More informationModel-Based Development with SoaML
Model-Based Development with SoaML Brian Elvesæter, Cyril Carrez, Parastoo Mohagheghi, Arne-Jørgen Berre, Svein G. Johnsen and Arnor Solberg 1 Introduction and Overview Our MDSE methodology aims to integrate
More informationUsing Model Driven Architecture to Achieve Product Life Cycle Support
Using Model Driven Architecture to Achieve Product Life Cycle Support - a practical and theoretical study - Stina Ingvarsson & Sara Ponga November 7, 2005 Master s Thesis in Computing Science, 2*20 credits
More informationCoupling MDA and Parlay to increase reuse in telecommunication application development
oupling MD and Parlay to increase reuse in telecommunication application development abak. Farshchian Sune Jakobsson Erik erg Telenor Research and Development Otto Nielsensvei 12 NO-7004 Trondheim, Norway
More informationALEM-T: A Modelling Tool for Autonomous Logistic Processes
ALEM-T: A Modelling Tool for Autonomous Logistic Processes B. Scholz-Reiter (2), T. Hildebrandt, J. Kolditz Planning and Control of Production Systems, University of Bremen, Germany Abstract Autonomous
More informationChapter 3 Prescriptive Process Models
Chapter 3 Prescriptive Process Models - Generic process framework (revisited) - Traditional process models - Specialized process models - The unified process Generic Process Framework Communication Involves
More informationSoftware Processes. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 4 Slide 1
Software Processes Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 4 Slide 1 Objectives To introduce software process models To describe three generic process models and when they may be
More informationAnalyze, Design, and Develop Applications
Analyze, Design, and Develop Applications On Demand Insurance Problems 1. We lose customers because we process new policy applications too slowly. 2. Our claims processing is time-consuming and inefficient.
More informationProcess Engineering and Project Management for the Model Driven Approach
Process Engineering and Project Management for the Model Driven Approach Ana Belén García Díez, Xabier Larrucea Uriarte ESI European Software Institute anabelen.garcia@esi.es, xabier.larrucea@esi.es Abstract
More informationImplementing Enterprise Architecture with MDA
Implementing Enterprise with MDA Mike Rosen CTO, M²VP Mrosen@m2vp.com Copyright M 2 VP Inc. 2003, All rights reserved Agenda What is Enterprise? What does it mean to implement it? How does MDA help? Enterprise
More informationSOA Enabled Workflow Modernization
Abstract Vitaly Khusidman Workflow Modernization is a case of Architecture Driven Modernization (ADM) and follows ADM Horseshoe Lifecycle. This paper explains how workflow modernization fits into the ADM
More informationThe software process
Software Processes The software process A structured set of activities required to develop a software system Specification; Design; Validation; Evolution. A software process model is an abstract representation
More informationAutomated Adaptation of Business Process Models Through Model Transformations Specifying Business Rules
Automated Adaptation of Business Process Models Through Model Transformations Specifying Business Rules Roman Popp and Hermann Kaindl Vienna University of Technology, Vienna, Austria {roman.popp, hermann.kaindl}@tuwien.ac.at
More informationInternational Workshop on BIG Data Software Engineering (BIGDSE 15) Software Analytics to Software Practice: A Systematic Literature Review
International Workshop on BIG Data Software Engineering (BIGDSE 15) Software Analytics to Software Practice: A Systematic Literature Review Tamer Mohamed Abdellatif, Luiz Fernando Capretz, Danny Ho 1 Tamer
More informationMDA and Stakeholders in an MDA Process
MDA and Stakeholders in an MDA Process and the support for their roles www.bournemouth.ac.uk Model Driven Architecture (MDA) An approach: to system development, which increases the rigour of models. It
More informationModel-Driven Service Engineering with SoaML
Model-Driven Service Engineering with SoaML Brian Elvesæter, Cyril Carrez, Parastoo Mohagheghi, Arne-Jørgen Berre, Svein G. Johnsen and Arnor Solberg Abstract This chapter presents a model-driven service
More informationSoftware Processes. Objectives. Topics covered. The software process. Waterfall model. Generic software process models
Objectives Software Processes To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More informationTopics covered. Software process models Process iteration Process activities The Rational Unified Process Computer-aided software engineering
Software Processes Objectives To introduce software process models To describe three generic process models and when they may be used To describe outline process models for requirements engineering, software
More informationThe role of the service-oriented architect
Copyright Rational Software 2003 http://www.therationaledge.com/may_03/f_bloomberg.jsp The role of the service-oriented architect by Jason Bloomberg Senior Analyst ZapThink LLC Web services have moved
More informationPertemuan 2. Software Engineering: The Process
Pertemuan 2 Software Engineering: The Process Collect Your Project Topic What is Software Engineering? Software engineering is the establishment and sound engineering principles in order to obtain economically
More informationLecture 1. In practice, most large systems are developed using a. A software process model is an abstract representation
Chapter 2 Software Processes Lecture 1 Software process descriptions When we describe and discuss processes, we usually talk about the activities in these processes such as specifying a data model, designing
More informationDevelopment Process and Analysis. LTOOD/OOAD - Verified Software Systems 1
Development Process and Analysis LTOOD/OOAD - Verified Software Systems 1 Software Crisis Declared in the late 60 s Expressed by delays and failures of major software projects (unreached goals, unpredictable
More informationProduct Line Engineering Lecture PL Architectures I
Product Line Engineering Lecture PL Architectures I Dr. Martin Becker martin.becker@iese.fraunhofer.de 0 Schedule - Lectures 1 Schedule - Exercises 2 Product Line Scoping --- Requirements Engineering ---
More informationArchitecture Practice: a fundamental discipline for information systems
Association for Information Systems AIS Electronic Library (AISeL) ACIS 2002 Proceedings Australasian (ACIS) December 2002 Architecture Practice: a fundamental discipline for information systems Pin Chen
More informationContext-Aware Process Modelling through Imperative and Declarative Approach
Context-Aware Process Modelling through Imperative and Declarative Approach Olaolu Sofela, Lai Xu, and Paul De Vrieze Software Systems Research Centre, Bournemouth University, UK {osofela,lxu,pdvrieze}@bournemouth.ac.uk
More informationSoftware Life Cycle. Main Topics. Introduction
Software Life Cycle Main Topics Study the different life cycle models Study the difference between software maintenance and evolution Study product line engineering as a design methodology 2 Introduction
More informationModel-Based Enterprise Information System Architectural Design with SysML
9th International Conference on Research Challenges in Information Science, May 13-15 2015, Athens, Greece Doctoral Consortium Model-Based Enterprise Information System Architectural Design with SysML
More informationInformation Systems Architecture and Enterprise Modeling. Prof. Dr. Knut Hinkelmann
Information Systems Architecture and Enterprise Modeling Chapter 1: Introduction to Enterprise Architecture Motivation: Business IT Alignment Challenge: Agility Approach Enterprise Architecture Transparency
More informationImproving Requirements Specifications in Model-Driven Development Processes
Improving Requirements Specifications in Model-Driven Development Processes Jordi Cabot and Eric Yu Department of Computer Science, University of Toronto {jcabot,eric}@cs.toronto.edu Abstract: Understanding
More information*Sustainability as a. Software Quality Factor
* as a Software Quality Factor Coral Calero ALARCOS Research Group University of Castilla-La Mancha IBM Conference Day. March, 14th 2013 * Areas of research IS QUALITY 2 * ALARCOS RESEARCH GROUP * Research
More informationTesting of Web Services A Systematic Mapping
Testing of Web Services A Systematic Mapping Abhishek Sharma, Theodore D. Hellmann, Frank Maurer Department of Computer Science University of Calgary Calgary, Canada {absharma, tdhellma, frank.maurer}@ucalgary.ca
More informationAvancier Methods (AM) Applications architecture diagrams
Methods (AM) Applications architecture diagrams It is illegal to copy, share or show this document without the written permission of the copyright holder but you can share a link to it. Context for application(s)
More informationDr. Aldo Dagnino ABB, Inc. US Corporate Research Center October 21 st, Requirements Engineering
Dr. Aldo Dagnino ABB, Inc. US Corporate Research Center October 21 st, 2003 Requirements Engineering Class Objectives Students will be able to define the two process areas associated with the Requirements
More informationDEVELOPMENT OF MBSE/UML MATURITY MODEL
DEVELOPMENT OF MBSE/UML MATURITY MODEL ÖZLEM DEMIRCI MASTER THESIS 2010 INFORMATICS DEVELOPMENT OF MBSE/UML MATURITY MODEL SUBJECT INFORMATION TECHNOLOGIES AND MANAGEMENT IN INFORMATICS DEVELOPMENT OF
More informationResearch on Model-Driven Simulation Approach for Healthcare Information System
International Conference on Artificial Intelligence and Industrial Engineering (AIIE 2015) Research on Model-Driven Simulation Approach for Healthcare Information System L. L. Song, X. Q. Guo Wuhan General
More informationTop Down Versus Bottom Up in Service-Oriented Integration: An MDA-Based Solution for Minimizing Technology Coupling
Top Down Versus Bottom Up in Service-Oriented Integration: An MDA-Based Solution for Minimizing Technology Coupling Theo Dirk Meijler, Gert Kruithof, and Nick van Beest Information Systems, Faculty of
More informationA methodology for requirements analysis at CIM level
A methodology for requirements analysis at CIM level Iman Poernomo 1, George Tsaramirsis 2, Venera Zuna 3 1 King s College London, UK, iman.poernomo@kcl.ac.uk 2 Accenture, UK DC, UK, georgios.tsaramirsis@accenture.com
More informationModel Driven Architecture - Issues, Challenges and Future Directions
Model Driven Architecture - Issues, Challenges and Future Directions Amna Noureen*, Anam Amjad, Farooque Azam Department of Computer Engineering, College of EME, National University of Sciences and Technology
More informationModel-Based Requirements Engineering for Data Warehouses: From Multidimensional Modelling to KPI Monitoring
Model-Based Requirements Engineering for Data Warehouses: From Multidimensional Modelling to KPI Monitoring Azadeh Nasiri 1,2(B), Robert Wrembel 1, and Esteban Zimányi 2 1 Institute of Computing Science,
More informationTDT4250 Modelling of information Systems Autumn Meta-modeling. John Krogstie IDI, NTNU and SINTEF
Meta-modeling John Krogstie IDI, NTNU and SINTEF Meta.ppt 1 Overview of this week Why meta-modeling? Central concepts Domain-specific modeling using MetaEdit A19 Kelly and Pohjonen: "Domain-Specific Modeling
More informationTowards a Model-Driven and Role- Configurable Methodology Suite for Enterprise and Service- Oriented Interoperability
Towards a Model-Driven and Role- Configurable Methodology Suite for Enterprise and Service- Oriented Interoperability IESA 2010 Doctoral Symposium Brian Elvesæter 1, 2 and Arne-Jørgen Berre 1 1 SINTEF,
More informationPI-MDD Executive Summary
Platform-Independent Model Driven Development PI-MDD Executive Summary Version 1.1 January 13, 2014 Pathfinder Solutions www.pathfindersolns.com +1 508-568-0068 Table Of Contents Executive Summary... 2
More informationDesigning Software Ecosystems. How Can Modeling Techniques Help? Mahsa H. Sadi, Eric Yu. 1 Introduction. 2 Modeling Requirements.
Introduction Ecosystems Mahsa H. Sadi, Department of Computer Science University of Toronto E mail: mhsadi@cs.toronto.edu Exploring Modeling Methods for Systems Analysis and Design (EMMSAD) Working Conference
More informationTOGAF 9.1 Phases E-H & Requirements Management
TOGAF 9.1 Phases E-H & Requirements Management By: Samuel Mandebvu Sources: 1. Primary Slide Deck => Slide share @ https://www.slideshare.net/sammydhi01/learn-togaf-91-in-100-slides 1. D Truex s slide
More informationMethods for the specification and verification of business processes MPB (6 cfu, 295AA)
Methods for the specification and verification of business processes MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 04 - Methodology 1 Objective Coarse-grained methodology for developing
More informationSoa Readiness Assessment, a New Method
ISSN : 8-96, Vol., Issue 8( Version ), August 0, pp.- RESEARCH ARTICLE OPEN ACCESS Soa Readiness Assessment, a New Method Ali Mirarab, Najmeh Ghasemi Fard and Abdol Reza Rasouli Kenari Electrical and Computer
More informationApplying Knowledge Management System Architecture in Software Maintenance Environment
Vol. 2, No. 4 Computer and Information Science Applying Knowledge Management System Architecture in Software Maintenance Environment Rossey Ginsawat, Rusli Abdullah & Mohd Zali Mohd Nor Faculty of Computer
More informationMicrosoft Dynamics NAV Reference Model
Microsoft Dynamics NAV Reference Model Dejan Pajk, University of Ljubljana, Faculty of Economics, Kardeljeva pl. 17, 1000 Ljubljana, Slovenia, dejan.pajk@ef.uni-lj.si Abstract: The past decade has seen
More informationA Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management
20th International Workshop on Database and Expert Systems Application A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management Stefan
More informationChapter 2 Accountants as Business Analysts. Changing Roles of Accountants in Business
Chapter 2 Accountants as Business Analysts Changing Roles of Accountants in Business - Past; accountants focused on stewardship and reporting functions: kept financial records, prepared financial reports
More informationThe pink lines detail the updating made. Dim 1 Dimension 2 Dimension 3
European e-competence Framework (e-cf) Version 3.0 - DRAFT CWA The white lines contain the e-cf v 2.0 content, The green lines contain the update. Changes are highlighted in red. The pink lines detail
More informationReusing Platform-specific Models in Model-Driven Architecture for Software Product Lines
Reusing Platform-specific Models in Model-Driven Architecture for Software Product Lines Frédéric Verdier 1,2, Abdelhak-Djamel Seriai 1 and Raoul Taffo Tiam 2 1 LIRMM, University of Montpellier / CNRS,
More informationPI-MDD Executive Summary
Version 0.4 January 29, 2011 Pathfinder Solutions www.pathfindersolns.com +1 508-568-0068 Table Of Contents Executive Summary... 2 Introduction... 2 The Needs... 2 Technical... 2 Business... 3 Methodology
More informationTest Workflow. Michael Fourman Cs2 Software Engineering
Test Workflow Michael Fourman Introduction Verify the result from implementation by testing each build Plan the tests in each iteration Integration tests for every build within the iteration System tests
More informationSession-2: Deep Drive into Non Functional Requirements (NFRs)
Session-2: Deep Drive into Non Functional Requirements (NFRs) Important Points to Note All Participating colleges are requested to mute your telephone lines during the webinar session. Participants are
More informationTowards an Interoperability Framework for Model-Driven Development of Software Systems
Towards an Interoperability Framework for Model-Driven Development of Software Systems INTEROP-ESA 05 Session IT1 : Industrial Track Brian Elvesæter 1, Axel Hahn 2, Arne-Jørgen Berre 1, Tor Neple 1 1 SINTEF,
More informationARIS WHAT S NEW? USER GROUP NORDIC. Helge Hess ARIS Product Management / Marketing
ARIS USER GROUP NORDIC WHAT S NEW? Helge Hess ARIS Product Management / Marketing TRANSFORM.MANAGE.CONTROL Manage Constant Change CONTROL HOW YOUR ORGANISATION ACTUALLY PERFORMS TRANSFORM HOW TO WIN IN
More informationBasics of Software Engineering. Carmen Navarrete
Basics of Software Engineering Carmen Navarrete Basics of Software Engineering Outline: Overview Software Development Life Cycle Project management Requirements Analysis and design Implementation Testing
More informationRigorous Business Process Modeling with OCL
Rigorous Business Process Modeling with OCL Tsukasa Takemura 12 and Tetsuo Tamai 2 1 Software Development Laboratory, IBM Japan, Ltd., Yamato-shi, Kanagawa-ken, Japan, tsukasa@jp.ibm.com 2 Graduate School
More informationTopics. Background Approach Status
16 th September 2014 Topics Background Approach Status Background e-governance in India National e-governance Plan 2006 31 Mission Mode Projects Quality Assurance in e-governance Quality Assessment of
More informationopenxchange Reference Architecture for Automated Business Process Integration
openxchange Reference Architecture for Automated Business Process Integration Henning Hinderer 1, Boris Otto 1, Erwin Folmer 2 1 Fraunhofer IAO, CC EBI, Nobelstr 12, 70569 Stuttgart, Germany, {henning.hinderer,
More informationLectures 2 & 3. Software Processes. Software Engineering, COMP201 Slide 1
Lectures 2 & 3 Software Processes Software Engineering, COMP201 Slide 1 What is a Process? When we provide a service or create a product we always follow a sequence of steps to accomplish a set of tasks
More informationCase Study: A Model Driven Architecture for Integrating Enterprise Wide Federal Web Applications
Case Study: A Model Driven Architecture for Integrating Enterprise Wide Federal Web Applications John Allen Smith, Ventera Corporation McLean, Virginia 1 Federal IT Challenges Nationwide interconnected
More informationDigital & Technology Solutions Specialist Integrated Degree Apprenticeship (Level 7)
Digital & Technology Solutions Specialist Integrated Degree Apprenticeship (Level 7) Role Profile A Digital & Technology Solutions Specialist maintains digital and technology strategies through technology
More informationSoftware Metric Design: Issues, Guidelines and Process
Software Metric Design: Issues, Guidelines and Process Sunil Sikka Department of Computer Science & Engineering, Amity University Haryana Gurgaon, Haryana (India) sunil.sikka@yahoo.com Abstract Software
More informationProcess-Oriented Requirement Analysis Supporting the Data Warehouse Design Process A Use Case Driven Approach
Process-Oriented Requirement Analysis Supporting the Data Warehouse Design Process A Use Case Driven Approach Beate List, Josef Schiefer, A Min Tjoa Institute of Software Technology (E188) Vienna University
More informationSoftware Engineering Lecture 5 Agile Software Development
Software Engineering Lecture 5 Agile Software Development JJCAO Mostly based on the presentation of Software Engineering, 9ed Exercise Describe the main activities in the software design process and the
More informationINTEROP Interoperability Research for Networked Enterprises Applications and Software
Network of Excellence - Contract no.: IST-508 011 www.interop-noe.org Deliverable DTG6.2 INTEROP Method Repository Deliverable No. and title: Classification: DTG6.2 INTEROP Method Repository Public Project
More informationCIMFLOW A WORKFLOW MANAGEMENT SYSTEM BASED ON INTEGRATION PLATFORM ENVIRONMENT
CIMFLOW A WORKFLOW MANAGEMENT SYSTEM BASED ON INTEGRATION PLATFORM ENVIRONMENT Haibin Luo Yushun Fan State CIMS Engineering and Research Center, Dept. of Automation, Tsinghua University Beijing, P.R. China.
More informationUnique spectrum: Comprehensive solutions for the financial industry
from mind to market from mind to market Unique spectrum: Comprehensive solutions for the financial industry INNOVATION An innovation leader in the financial sector for more than 20 years TRANSFORMATION
More informationApplying Model Driven Architecture Approach to Develop Software Systems Case Study
The International Arab Conference on Information Technology (ACIT 2013) Applying Model Driven Architecture Approach to Develop Software Systems Case Study Mohammed Abdalla Osman Mukhtar College of Computer
More informationThe Systems Development Lifecycle
Modelling and Systems Development Lecture 2 The Systems Development Lifecycle The four-phase model common to all system developments projects The project Major attributes of the Lifecycle Moves systematically
More informationAn MDA Method for Automatic Transformation of Models from CIM to PIM
American Journal of Software Engineering and Applications 2015; 4(1): 1-14 Published online March 10, 2015 (http://www.sciencepublishinggroup.com/j/ajsea) doi: 10.11648/j.ajsea.20150401.11 ISSN: 2327-2473
More informationMapping Service-Orientation to TOGAF 9 Part IV: Applying Service-Orientation to TOGAF s Service Contracts
Mapping Service-Orientation to TOGAF 9 Part IV: Applying Service-Orientation to TOGAF s Service Contracts by Filippos Santas, Credit Suisse Private Banking in Switzerland In this series of articles we
More informationINCLUDING FUNCTIONAL AND NON-TECHNICAL REQUIREMENTS IN A SOFTWARE REQUIREMENT PATTERNS CATALOGUE
Master in Computing Master of Science Thesis INCLUDING FUNCTIONAL AND NON-TECHNICAL REQUIREMENTS IN A SOFTWARE REQUIREMENT PATTERNS CATALOGUE Cristina Palomares Bonache Advisor/s: Xavier Franch Gutiérrez
More informationAuditing e-government
8 into IT Auditing e-government Life-cycle risks and setting up a database Biography Erna Lea is a Deputy Director General at the Office of the Auditor General of Norway (OAG). She has a degree in economics
More information25R. ebpmn for Process Modeling: A design science/hips evaluation
Association for Information Systems AIS Electronic Library (AISeL) CONF-IRM 2010 Proceedings International Conference on Information Resources Management (CONF-IRM) 5-2010 25R. ebpmn for Process Modeling:
More informationSOP 4 EBPM: Generating Executable Business Services from Business Models*
SOP 4 EBPM: Generating Executable Business Services from Business Models* Rubén de Juan-Marín 1 and Rubén Darío Franco 2 1 Instituto Tecnológico de Informática Univ. Politécnica de Valencia, 46022 Valencia,
More informationModel Driven Development with Non-Functional Aspects
Model Driven Development with Non-Functional Aspects Liming Zhu, Yan Liu NICTA, Australian Technology Park, Eveleigh, Australia School of Computer Science and Engineering, University of New South Wales,
More informationReady for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements
SAP Database and Data Management Portfolio/SAP GRC Solutions Ready for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements
More informationThe Product and the Process The Product The Evolving Role of Software Software Software: A Crisis on the Horizon Software Myths Summary References
The Product and the Process The Product The Evolving Role of Software Software Software: A Crisis on the Horizon Software Myths Further Readings and Information Sheets The Process Software Engineering
More informationTDT4252 Modelling of Information Systems Advanced Course
1 TDT4252 Modelling of Information Systems Advanced Course Sobah Abbas Petersen Adjunct Associate Professor sap@idi.ntnu.no 2 Today s Lecture AKM in Industry: an example Purpose: To describe an approach
More informationAPIs and the Digital Enterprise
in association with APIs and the Digital Enterprise Freeform Dynamics, 2015 APIs in Perspective A familiar concept now critical to digital business Application programming interfaces (APIs) have been around
More information